Detections
Analytics

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1594)

high Nessus Plugin ID 311335

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1594 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: ctnetlink: remove refcounting in expectation dumpers (CVE-2025-39764)

 In the Linux kernel, the following vulnerability has been resolved:

 ipv6: use RCU in ip6_xmit() (CVE-2025-40135)

 In the Linux kernel, the following vulnerability has been resolved:

 blk-throttle: fix access race during throttle policy activation (CVE-2025-40147)

 In the Linux kernel, the following vulnerability has been resolved:

 binfmt_misc: restore write access before closing files opened by open_exec() (CVE-2025-68239)

 In the Linux kernel, the following vulnerability has been resolved:

 dm-verity: disable recursive forward error correction (CVE-2025-71161)

 In the Linux kernel, the following vulnerability has been resolved:

 dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004)

 In the Linux kernel, the following vulnerability has been resolved:

 tracing: Add recursion protection in kernel stack trace recording (CVE-2026-23138)

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (CVE-2026-23274)

 In the Linux kernel, the following vulnerability has been resolved:

 net: add xmit recursion limit to tunnel xmit functions (CVE-2026-23276)

 In the Linux kernel, the following vulnerability has been resolved:

 net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (CVE-2026-23277)

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: nf_tables: always walk all pending catchall elements (CVE-2026-23278)

 In the Linux kernel, the following vulnerability has been resolved:

 mptcp: pm: in-kernel: always mark signal+subflow endp as used (CVE-2026-23321)

 In the Linux kernel, the following vulnerability has been resolved:

 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (CVE-2026-23368)

 In the Linux kernel, the following vulnerability has been resolved:

 mm: thp: deny THP for files on anonymous inodes (CVE-2026-23375)

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: xt_CT: drop pending enqueued packets on template removal (CVE-2026-23391)

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)

 In the Linux kernel, the following vulnerability has been resolved:

 nfnetlink_osf: validate individual option lengths in fingerprints (CVE-2026-23397)

 In the Linux kernel, the following vulnerability has been resolved:

 icmp: fix NULL pointer dereference in icmp_tag_validation() (CVE-2026-23398)

 In the Linux kernel, the following vulnerability has been resolved:

 nf_tables: nft_dynset: fix possible stateful expression memleak in error path (CVE-2026-23399)

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: bpf: defer hook memory release until rcu readers are done (CVE-2026-23412)

 In the Linux kernel, the following vulnerability has been resolved:

 clsact: Fix use-after-free in init/destroy rollback asymmetry (CVE-2026-23413)

 In the Linux kernel, the following vulnerability has been resolved:

 udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (CVE-2026-23439)

 In the Linux kernel, the following vulnerability has been resolved:

 net/mlx5e: Fix race condition during IPSec ESN update (CVE-2026-23440)

 In the Linux kernel, the following vulnerability has been resolved:

 net/mlx5e: Prevent concurrent access to IPSec ASO context (CVE-2026-23441)

 In the Linux kernel, the following vulnerability has been resolved:

 ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (CVE-2026-23443)

 In the Linux kernel, the following vulnerability has been resolved:

 igc: fix page fault in XDP TX timestamps handling (CVE-2026-23445)

 In the Linux kernel, the following vulnerability has been resolved:

 net/sched: teql: Fix double-free in teql_master_xmit (CVE-2026-23449)

 In the Linux kernel, the following vulnerability has been resolved:

 PM: runtime: Fix a race condition related to device removal (CVE-2026-23452)

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (CVE-2026-23456)

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (CVE-2026-23457)

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (CVE-2026-23458)

 In the Linux kernel, the following vulnerability has been resolved:

 btrfs: log new dentries when logging parent dir of a conflicting inode (CVE-2026-23465)

 In the Linux kernel, the following vulnerability has been resolved:

 spi: fix statistics allocation (CVE-2026-23475)

 In the Linux kernel, the following vulnerability has been resolved:

 spi: fix use-after-free on controller registration failure (CVE-2026-31389)

 In the Linux kernel, the following vulnerability has been resolved:

 smb: client: fix krb5 mount with username option (CVE-2026-31392)

 In the Linux kernel, the following vulnerability has been resolved:

 nvdimm/bus: Fix potential use after free in asynchronous initialization (CVE-2026-31399)

 In the Linux kernel, the following vulnerability has been resolved:

 sunrpc: fix cache_request leak in cache_release (CVE-2026-31400)

 In the Linux kernel, the following vulnerability has been resolved:

 HID: bpf: prevent buffer overflow in hid_hw_request (CVE-2026-31401)

 In the Linux kernel, the following vulnerability has been resolved:

 nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)

 In the Linux kernel, the following vulnerability has been resolved:

 NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (CVE-2026-31403)

 In the Linux kernel, the following vulnerability has been resolved:

 xen/privcmd: restrict usage in unprivileged domU (CVE-2026-31788)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel6.12 --releasever 2023.11.20260427' or or 'dnf update --advisory ALAS2023-2026-1594 --releasever 2023.11.20260427' to update your system.

See Also

https://alas.aws.amazon.com//AL2023/ALAS2023-2026-1594.html

https://alas.aws.amazon.com/faqs.html

https://explore.alas.aws.amazon.com/CVE-2025-39764.html

https://explore.alas.aws.amazon.com/CVE-2025-40135.html

https://explore.alas.aws.amazon.com/CVE-2025-40147.html

https://explore.alas.aws.amazon.com/CVE-2025-68239.html

https://explore.alas.aws.amazon.com/CVE-2025-71161.html

https://explore.alas.aws.amazon.com/CVE-2026-23004.html

https://explore.alas.aws.amazon.com/CVE-2026-23138.html

https://explore.alas.aws.amazon.com/CVE-2026-23274.html

https://explore.alas.aws.amazon.com/CVE-2026-23276.html

https://explore.alas.aws.amazon.com/CVE-2026-23277.html

https://explore.alas.aws.amazon.com/CVE-2026-23278.html

https://explore.alas.aws.amazon.com/CVE-2026-23321.html

https://explore.alas.aws.amazon.com/CVE-2026-23368.html

https://explore.alas.aws.amazon.com/CVE-2026-23375.html

https://explore.alas.aws.amazon.com/CVE-2026-23391.html

https://explore.alas.aws.amazon.com/CVE-2026-23392.html

https://explore.alas.aws.amazon.com/CVE-2026-23397.html

https://explore.alas.aws.amazon.com/CVE-2026-23398.html

https://explore.alas.aws.amazon.com/CVE-2026-23399.html

https://explore.alas.aws.amazon.com/CVE-2026-23412.html

https://explore.alas.aws.amazon.com/CVE-2026-23413.html

https://explore.alas.aws.amazon.com/CVE-2026-23439.html

https://explore.alas.aws.amazon.com/CVE-2026-23465.html

https://explore.alas.aws.amazon.com/CVE-2026-23475.html

https://explore.alas.aws.amazon.com/CVE-2026-31389.html

https://explore.alas.aws.amazon.com/CVE-2026-31392.html

https://explore.alas.aws.amazon.com/CVE-2026-31399.html

https://explore.alas.aws.amazon.com/CVE-2026-31400.html

https://explore.alas.aws.amazon.com/CVE-2026-31401.html

https://explore.alas.aws.amazon.com/CVE-2026-31402.html

https://explore.alas.aws.amazon.com/CVE-2026-31403.html

https://explore.alas.aws.amazon.com/CVE-2026-31788.html

https://explore.alas.aws.amazon.com/CVE-2026-23440.html

https://explore.alas.aws.amazon.com/CVE-2026-23441.html

https://explore.alas.aws.amazon.com/CVE-2026-23443.html

https://explore.alas.aws.amazon.com/CVE-2026-23445.html

https://explore.alas.aws.amazon.com/CVE-2026-23449.html

https://explore.alas.aws.amazon.com/CVE-2026-23452.html

https://explore.alas.aws.amazon.com/CVE-2026-23455.html

https://explore.alas.aws.amazon.com/CVE-2026-23456.html

https://explore.alas.aws.amazon.com/CVE-2026-23457.html

https://explore.alas.aws.amazon.com/CVE-2026-23458.html

Plugin Details

Severity: High

ID: 311335

File Name: al2023_ALAS2023-2026-1594.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 4/30/2026

Updated: 4/30/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-23413

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2026-31788

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:python3-perf6.12, p-cpe:/a:amazon:linux:kernel6.12-libbpf, p-cpe:/a:amazon:linux:kernel6.12, p-cpe:/a:amazon:linux:kernel6.12-libbpf-static, p-cpe:/a:amazon:linux:kernel6.12-tools-devel, p-cpe:/a:amazon:linux:kernel6.12-libbpf-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-headers, p-cpe:/a:amazon:linux:kernel6.12-modules-extra, p-cpe:/a:amazon:linux:kernel6.12-debuginfo, p-cpe:/a:amazon:linux:bpftool6.12-debuginfo, p-cpe:/a:amazon:linux:bpftool6.12, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:perf6.12, p-cpe:/a:amazon:linux:perf6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel6.12-modules-extra-common, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:kernel6.12-devel, p-cpe:/a:amazon:linux:kernel6.12-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-livepatch-6.12.79-101.147, p-cpe:/a:amazon:linux:python3-perf6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-libbpf-devel, p-cpe:/a:amazon:linux:kernel6.12-tools

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/30/2026

Vulnerability Publication Date: 9/11/2025

Reference Information

CVE: CVE-2025-39764, CVE-2025-40135, CVE-2025-40147, CVE-2025-68239, CVE-2025-71161, CVE-2026-23004, CVE-2026-23138, CVE-2026-23274, CVE-2026-23276, CVE-2026-23277, CVE-2026-23278, CVE-2026-23321, CVE-2026-23368, CVE-2026-23375, CVE-2026-23391, CVE-2026-23392, CVE-2026-23397, CVE-2026-23398, CVE-2026-23399, CVE-2026-23412, CVE-2026-23413, CVE-2026-23439, CVE-2026-23440, CVE-2026-23441, CVE-2026-23443, CVE-2026-23445, CVE-2026-23449, CVE-2026-23452, CVE-2026-23455, CVE-2026-23456, CVE-2026-23457, CVE-2026-23458, CVE-2026-23465, CVE-2026-23475, CVE-2026-31389, CVE-2026-31392, CVE-2026-31399, CVE-2026-31400, CVE-2026-31401, CVE-2026-31402, CVE-2026-31403, CVE-2026-31788